CVE-2015-0264 : Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.j

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

Published 2015-06-03 20:59:04

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: XML external entity (XXE) injection

Products affected by CVE-2015-0264

Apache » Camel
Versions up to, including, (<=) 2.13.3
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
Matching versions
Apache » Camel » Version: 2.14.0
cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*
Matching versions
Apache » Camel » Version: 2.14.1
cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0264

EPSS FAQ

2.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-0264

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2015-0264

https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc

Page Not Found - Apache Camel
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1539.html

RHSA-2015:1539 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=1df559649a96a1ca0368373387e542f46e4820da

ASF Git Repos - camel.git/commitdiff
http://securitytracker.com/id/1032442

Red Hat JBoss Fuse and A-MQ XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Files - SecurityTracker
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E

svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html - Pony Mail

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1041.html

RHSA-2015:1041 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html-Apache Mail Archives

CVEs referencing this url
https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=1df559649a96a1ca0368373387e542f46e4820da
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html-Apache Mail Archives

CVEs referencing this url
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E

svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html - Pony Mail

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1538.html

RHSA-2015:1538 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-0264

Products affected by CVE-2015-0264

Exploit prediction scoring system (EPSS) score for CVE-2015-0264

CVSS scores for CVE-2015-0264

References for CVE-2015-0264